Welcome Phaser 3124, so long Docuprint 203A. I bought my second printer, a Fuji Xerox Docuprint 203A, when I did my master's degree at USM back in 2006. At that time I printed out papers and stuff with that printer without much hassle. Once I reported back to my workplace, the printer was left idle in the store room, since most of the time I just print stuff in the office (and there was not much need to print on paper, since usually I just printed out exam questions for my students). In 2010, I had to use my printer again. Unfortunately, while I lived in my old rented house, the printer was colonized by pests; even the box was munched up. So I had to clean the printer so that it would look okay. Yeah, perhaps I am wrong, but after a ream of paper had been printed, the printer developed a problem: it wouldn't work. Say, for example, I want to print a page; it will print two, one sheet where the writing is supposed to be printed, another one just a blank sheet. But most of the time it won't print at al…
Algorithms, specifically pattern matching algorithms, are widely used in information processing areas such as bioinformatics and computer security. In the computer security domain this includes packet inspection, detection of malicious files and the like. To name a few, Aho-Corasick is used for one IDS's string search (not sure if it is still using it). Then there are anti-viruses looking for certain strings for their signature matching detection.
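To make the IDS/AV use of Aho-Corasick concrete, here is an added example (my own code, not from any IDS or anti-virus engine) that builds the automaton over a constructed signature list and scans a constructed request payload in a single pass. The signatures and the payload are made up for the demonstration; the point is that every signature is found, including the one ("exe") that only occurs inside another match.

```python
from collections import deque


class AhoCorasick:
    """Multi-pattern byte matcher: one pass over the input reports every
    occurrence of every pattern, which is why IDS and AV engines use it."""

    def __init__(self, patterns):
        self.goto = [{}]      # goto[state][byte] -> next state (trie edges)
        self.fail = [0]       # fail[state] -> state of the longest proper suffix
        self.out = [[]]       # out[state] -> patterns that end in this state
        for p in patterns:
            self._add(bytes(p))
        self._build_failure_links()

    def _add(self, pattern):
        s = 0
        for b in pattern:
            if b not in self.goto[s]:
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[s][b] = len(self.goto) - 1
            s = self.goto[s][b]
        self.out[s].append(pattern)

    def _build_failure_links(self):
        # Breadth-first from the root, so every fail link points to a state
        # that has already been processed (it is strictly shallower).
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # Inherit outputs of the suffix state: "exe" ends inside "cmd.exe".
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def search(self, data):
        """Return [(offset, pattern), ...] for every match in data, in scan order."""
        hits = []
        s = 0
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            for p in self.out[s]:
                hits.append((i - len(p) + 1, p))
        return hits


# Constructed signatures and a constructed payload; not taken from any ruleset.
SIGNATURES = [b"cmd.exe", b"/bin/sh", b"MZ", b"exe"]
SAMPLE_PAYLOAD = b"POST /bin/sh HTTP/1.0\r\ncmd.exe /c MZ"


def scan_payload(payload, signatures=SIGNATURES):
    """Offsets and signatures found in one payload."""
    return AhoCorasick(signatures).search(payload)


if __name__ == "__main__":
    for off, sig in scan_payload(SAMPLE_PAYLOAD):
        print(f"offset {off:3d}: {sig!r}")
```

The automaton is built once per signature set and reused for every packet; the scan itself never backs up in the input, so its cost is linear in payload length plus the number of matches, regardless of how many signatures are loaded.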
Kippo Honeypot. My laptop is currently running the Kippo honeypot, which can be downloaded here. It supports a MySQL database (and soon the author plans to support SQLite; I am not sure whether as an option or as a successor). Basically it is a honeypot which listens for SSH on port 2222; if you are running Linux, for example, you can redirect to it from port 22 (the normal port). In my case I am currently running this service behind NAT, so I have to set up the port forwarding before it will work. This can be achieved by:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 22 -j REDIRECT --to-port 2222

And you can check it by:

iptables -t nat -vL
Chain PREROUTING (policy ACCEPT 46764 packets, 3114K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    60 REDIRECT   tcp  --  eth1   any     anywhere             anywhere             tcp dpt:ssh redir ports 2222

Note that the rule only rewrites packets arriving on eth1 (the pkts/bytes counters show how many have hit it so far), so anything bound for port 22 on that interface now lands in Kippo rather than on a real sshd. I have had plenty of attempts, including brute force attempts with Japanese dictionary passwords. …
( SELECT COUNT(*) FROM (
    SELECT MIN(a.download) AS download
    FROM downloads AS a
    JOIN connections AS b ON (a.connection = b.connection)
    GROUP BY a.download_md5_hash
    HAVING strftime('%Y-%m-%d', MIN(b.connection_timestamp), 'unixepoch', 'localtime')
         = strftime('%Y-%m-%d', connections.connection_timestamp, 'unixepoch', 'localtime')
  ) AS newdownloads
  NATURAL JOIN downloads
  WHE…
I had the chance to walk around the city of Paris with my wife, about six months after our wedding (sort of a honeymoon!). The two of us departed from St Pancras railway station in London and arrived at Gare du Nord railway station in Paris. The journey takes about 2 hours, crossing the tunnel under the English Channel. In Paris we did not have much time; because my wife's leave was short, we only took one week off to go around Ireland, the UK and France. The memories of France were more challenging because our friend who initially accompanied our journey in the UK and Ireland (he studies in Dublin) could not accompany us, since he had classes. Can't expect much from people like us who never studied overseas, hehehehe.
So the journey began...! After arriving at Gare du Nord, we had to find our accommodation, a budget hotel located in Rosny (like the name of my former Dean, Dr Rosni). First we took the RER train and got off at…
Gnuplot stuff. Yeah, it's been a long time since I dealt with Gnuplot, and now I'm back to it again. My machine doesn't get a lot of binaries compared to other people out there who might have a vast range of public IPs, so here goes. This is the content of my uniqfiles.txt:
2010-06-18|108|12|98|11|11
2010-06-17|96|25|87|20|19
2010-06-16|71|4|67|3|2
2010-06-15|67|2|64|2|2
2010-06-14|65|8|62|8|8
2010-06-12|57|8|54|8|8
2010-06-09|49|4|46|4|4
2010-06-08|45|7|42|6|6
2010-06-06|38|7|36|7|7
2010-06-05|31|8|29|8|8
2010-06-03|23|3|21|3|3
2010-05-31|20|2|18|2|2
2010-05-26|18|4|16|2|2
2010-05-25|14|2|14|2|2
2010-05-23|12|4|12|4|4
2010-05-22|8|3|8|3|3
2010-05-20|5|5|5|5|5

which is actually derived from the following (if you want to see what it means...)
For how to visualize them, refer to Markus' write-up here. This is what I got:
I changed the scale a little, since 600x120 looked so squeezed on my plot.
Afterglow stuff. I used Afterglow years back in 2008, when I submitted my "conference paper" on what I fetched from my Nepenthes sensors. Tonight I just followed Markus' tips on creating the same stuff; the only thing that prompted me to try it out was getting the data from SQLite, something I had never done before, since usually I simply write an AWK script (sigh, what a waste), aka log parsing. So 2000 and late. This is what I did:
Mwcollectd v4. Mwcollectd is written by 0xff (Georg Wicherski). Since I plan to contribute back to the mwcollect alliance, I need software that provides a module for binary submission. Nepenthes will do, with the submit-mwserv.conf module (however, I have yet to find out how to enable this, whether by editing nepenthes.conf or some other way). Dionaea, I'm not sure yet, since I can't find the module for submission. For the mean time I'll go with Mwcollectd, perhaps until I can figure out how to do this on Nepenthes/Dionaea. If you are wondering what mwcollect is, go here. There are also slides which present stuff on mwcollect.
I read about SURFids long, long ago but never actually tried it. Today I managed to download the demo image, which is basically a Debian image, a 500MB+ file. Here goes. I first opened the file with VirtualBox (but since I do not know how to redirect the web server to the host browser, I simply used QEMU, since I already have experience redirecting TCP connections on QEMU).
My talk has been accepted by MOSC 2010, entitled "Internet Malicious Miscreant". This annual event will be held at Berjaya Times Square, Kuala Lumpur, Malaysia from 29th June until 1st July 2010. At first I was very reluctant to participate as a speaker since, in the security domain, there are many people out there who actually do this for their bread and butter. Anyway, so as not to disappoint Fazli, I'll present what I have done throughout these years. From the list of speakers, it seems some of them are international speakers, so don't miss the chance to attend! Register here; discounts await the early birds!
Markus shared that in order to use SQLite to manipulate logsql.sqlite, by default at /opt/dionaea/var/dionaea/logsql.sqlite, sqlite3 should be used. Also, instead of using the creepy SQLite statement, use sqlman instead, as follows:
Also, since Markus has already upgraded the Dionaea code, you don't need to use an XMPP client, either PSI or Pidgin based; instead just invoke /opt/dionaea/bin/dionaea -l all,-debug -L 'logxmpp'
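The query fragment shown earlier (the COUNT(*) over newdownloads) and the note about opening logsql.sqlite with sqlite3 both come down to one question: how many of the binaries a sensor pulled on a given day had never been seen before? As an added example (my own code, not Dionaea's and not Markus' sqlman), the block below seeds an in-memory SQLite database with a hypothetical subset of the logsql schema, using only the column names that appear in the fragment on this page (connection, connection_timestamp, download, download_md5_hash), and runs an uncorrelated restatement of that "new downloads per day" logic next to the plain per-day totals. The sensor data is constructed; the 'localtime' modifier from the page's query is dropped so the result does not depend on the machine's time zone.

```python
import calendar
import sqlite3

# Hypothetical subset of Dionaea's logsql schema: only the columns the
# page's query touches. The real tables carry many more columns.
SCHEMA = """
CREATE TABLE connections (
    connection           INTEGER PRIMARY KEY,
    connection_timestamp INTEGER NOT NULL
);
CREATE TABLE downloads (
    download          INTEGER PRIMARY KEY,
    connection        INTEGER NOT NULL REFERENCES connections(connection),
    download_md5_hash TEXT NOT NULL
);
"""

# Downloads and distinct hashes per day (UTC; add 'localtime' after
# 'unixepoch' to get the page's local-day bucketing).
DAILY_SQL = """
SELECT strftime('%Y-%m-%d', b.connection_timestamp, 'unixepoch') AS day,
       COUNT(*)                             AS downloads,
       COUNT(DISTINCT a.download_md5_hash)  AS unique_md5
FROM downloads AS a
JOIN connections AS b ON a.connection = b.connection
GROUP BY day
ORDER BY day;
"""

# Hashes first seen on each day: take every hash's earliest connection,
# then bucket those first-seen timestamps by day. This is the same idea as
# the page's HAVING clause, without the correlated subquery.
NEW_SQL = """
SELECT first_day, COUNT(*) AS new_md5
FROM (
    SELECT strftime('%Y-%m-%d', MIN(b.connection_timestamp), 'unixepoch') AS first_day
    FROM downloads AS a
    JOIN connections AS b ON a.connection = b.connection
    GROUP BY a.download_md5_hash
)
GROUP BY first_day
ORDER BY first_day;
"""


def ts(year, month, day, hour):
    """UTC epoch seconds, the unit logsql stores in connection_timestamp."""
    return calendar.timegm((year, month, day, hour, 0, 0))


def sample_db():
    """In-memory database seeded with constructed sensor data."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO connections VALUES (?, ?)", [
        (1, ts(2010, 6, 17, 10)), (2, ts(2010, 6, 17, 11)), (3, ts(2010, 6, 17, 12)),
        (4, ts(2010, 6, 18, 9)),  (5, ts(2010, 6, 18, 10)), (6, ts(2010, 6, 18, 11)),
        (7, ts(2010, 6, 18, 12)),  # a connection that pushed no binary
    ])
    db.executemany("INSERT INTO downloads VALUES (?, ?, ?)", [
        (1, 1, "aaa"), (2, 2, "bbb"), (3, 3, "aaa"),   # 17th: aaa arrives twice
        (4, 4, "aaa"), (5, 5, "ccc"), (6, 6, "ccc"),   # 18th: only ccc is new
    ])
    return db


def daily_stats(db):
    """{day: {"downloads": n, "unique_md5": n, "new_md5": n}}"""
    stats = {}
    for day, total, uniq in db.execute(DAILY_SQL):
        stats[day] = {"downloads": total, "unique_md5": uniq, "new_md5": 0}
    for day, new in db.execute(NEW_SQL):
        stats[day]["new_md5"] = new
    return stats


if __name__ == "__main__":
    for day, row in sorted(daily_stats(sample_db()).items()):
        print(f"{day}|{row['downloads']}|{row['unique_md5']}|{row['new_md5']}")
```

Point the connect() call at the real logsql.sqlite path instead of ":memory:" (and skip the seeding) to run the two statements against a live sensor; the pipe-separated output is the kind of per-day line that feeds a Gnuplot data file, though the columns here are my own choice, not those of uniqfiles.txt.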
Recently I offered the members of mypenguin99 the challenge of decrypting my XOR-encrypted file. (I was using xor-analyze, and never mentioned the key length or the tool I chose to encrypt with.) Bro Bahathir unsurprisingly managed to solve the problem in no time (yeah, it needs some time to google and decrypt). In this case we need a collision from a dictionary of widely used words, so that the real message can be guessed. Although XOR is considered primitive cryptography, it is used by malware writers to encrypt parts of their payloads, as written here.
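The dictionary idea above is what makes repeating-key XOR breakable in practice: a wrong key turns the text into non-printable bytes, while the right key yields recognisable words. The added example below (my own code, not xor-analyze and not the file from the challenge) shows both directions a practitioner meets. First, a dictionary attack that tries every common word as the key and keeps the decryption that reads most like English. Second, the known-plaintext variant used on malware configs, where a single-byte key is found by asking which of the 256 keys makes an expected crib such as "http://" appear. The word list, the plaintext and the encoded URL are constructed for the demonstration.

```python
import re
from itertools import cycle

# Constructed stand-in for "a dictionary of widely used words"; it serves both
# as the candidate key list and as the word list that scores a decryption.
COMMON_WORDS = {
    "the", "and", "was", "new", "for", "with", "from", "this", "that",
    "password", "secret", "malware", "honeypot", "sample", "captured",
    "attack", "login", "admin", "root", "shell", "payload", "server",
}
WORD_RE = re.compile(rb"[A-Za-z]+")


def xor_repeating(data, key):
    """XOR data with the key repeated; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def english_score(candidate):
    """Number of dictionary words in a candidate plaintext. Anything outside
    printable ASCII (the usual result of a wrong key) scores zero outright."""
    for b in candidate:
        if b > 0x7E or (b < 0x20 and b not in b"\r\n\t"):
            return 0
    return sum(1 for w in WORD_RE.findall(candidate)
               if w.lower().decode() in COMMON_WORDS)


def recover_key(ciphertext, candidates=COMMON_WORDS):
    """Dictionary attack on the key: try each common word as the repeating
    key and return (best_key, score); None if nothing decrypts to English."""
    best_key, best_score = None, 0
    for word in sorted(candidates):
        key = word.encode()
        score = english_score(xor_repeating(ciphertext, key))
        if score > best_score:
            best_key, best_score = key, score
    return best_key, best_score


def crib_single_byte(blob, crib):
    """Known-plaintext check for a single-byte key: which key values make the
    crib (e.g. b"http://" in a malware config) appear in the decoded blob?"""
    return [k for k in range(256) if crib in xor_repeating(blob, bytes([k]))]


# Constructed message and key for the demonstration.
SAMPLE_PLAINTEXT = (b"the honeypot captured a new malware sample and the "
                    b"password for root login was secret")
SAMPLE_KEY = b"secret"

if __name__ == "__main__":
    ct = xor_repeating(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    key, score = recover_key(ct)
    print(f"recovered key {key!r} with {score} dictionary hits")
    print(xor_repeating(ct, key))
    blob = xor_repeating(b"http://example.test/bot.bin", b"\x5a")
    print("single-byte keys revealing the crib:", crib_single_byte(blob, b"http://"))
```

A key that is not a dictionary word defeats the first routine but not the idea: the same scoring works on per-position single-byte guesses once the key length is known, which is what the statistical tools do. The crib check is the cheaper route whenever the format of the hidden data is predictable, which for malware configuration blobs it usually is.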
I was actually wondering why my Nepenthes sensors and Dionaea have not caught any malware since 8th April. It's been more than a month now. So I decided to look the other way instead of staring at the empty, boring folder.
But I'm not sure whether my config is correct, although I guess I was already able to log in.
I bought several books for my literature study; one of them is
"Botnets, The Killer Web App", which covers the technical parts of botnets. At first I doubted the book actually covered the common botnets that people talk about, but after reading it, yes, it surely does. I suggest the phrase "killer web app" be phased out, since it is not always dealing with the Web... port 6667 isn't Web; ports 80 and 443 are always Web.
Prior to that I already had Provos and Holz's
Virtual Honeypots book. This is also a technical book, finely grained in its coverage of honeypot how-tos, including the popular Nepenthes (although it's already dead now, succeeded by Dionaea).
I bought this book, Hacking Exposed: Malware & Rootkits, several months back, while it was still new! A good read and really worth your money. It keeps you up to date with current stuff and is the first of its kind within the Hacking Exposed series. Perhaps more to come under the same title in future! If you are comfortable shopping online, just visit Amazon and get the latest copy here: HACKING EXPOSED MALWARE AND ROOTKITS
TOC Type: 1 = CD-ROM
scsidev: '1,0,0'
scsibus: 1 target: 0 lun: 0
WARNING: the deprecated pseudo SCSI syntax found as device specification.
Support for that may cease in the future versions of wodim.
For now, the device will be mapped to a block device file where possible.
Run "wodim --devices" for details.
Linux sg driver version: 3.5.27
Wodim version: 1.1.9
SCSI buffer size: 64512
Device type    : …
GRE? Somebody asked me about GRE, so I archive it here...
Salam, I have just started my PhD, so far very busy with classes. GRE: to register for this exam you have to register through ETS, which handles the TOEFL exam too; the fee for GRE is around USD170 (last year), while TOEFL is around USD150. Last time I chose to take the exam at Prometric (near the Dang Wangi LRT, so it's easy to catch the train since it begins at 9:00 AM; otherwise you can choose the evening). I did not really prepare for GRE and TOEFL since I had my wedding a few weeks before, so I was busy with something else. Nevertheless the Malaysian government decided not to send the rest of us overseas, so actually taking both was pretty much a waste (sigh). Later I took IELTS and scored quite well, also pointless (I did get an offer to Australia, though). Anyway, GRE has two sections, quantitative and qualitative, and finally analytical writing. Quantitative is much like high school math, but you have to get the first few questions right; otherwise your score will be low, since the nex…